On October 14, a cryptocurrency trader lost $1.28 million after unknowingly signing a phishing transaction tied to the notorious Inferno Drainer toolkit. The malicious transaction drained the victim's wallet of 108 billion PEPE, 73.8 million APU, and 165,000 MSTR tokens. This attack is part of a growing trend of phishing-as-a-service attacks, which continue to exploit unsuspecting crypto investors.
How the Phishing Attack Happened
The victim’s wallet, labeled “0xb0b..40c7,” was targeted through an “approval phishing attack.” This method allows scammers to trick users into giving wallet permissions that enable them to drain assets. In this case, Inferno Drainer was used to execute the attack. The stolen assets were moved across six transactions and distributed to various attacker-controlled addresses.
The Inferno Drainer toolkit has become a significant threat within the crypto space, responsible for draining over $237 million from 200,000 victims through phishing websites and fake applications. Despite initial claims that the toolkit would shut down in November 2023, it resurfaced in May 2024 due to renewed demand from scammers.
Growing Threat of Crypto Phishing Attacks
Inferno Drainer's resurgence highlights the growing menace of phishing scams. According to reports, over $127 million in cryptocurrency was stolen in Q3 2024 alone, with $46 million lost in September. One of the largest incidents occurred on September 28, where a phishing attack drained 12,083 spWETH tokens valued at $32.43 million. Ether and other cryptocurrencies, such as Polygon (MATIC) and BNB, are frequent targets.
Most phishing attacks stem from malicious links on social media platforms or phishing ads on Google, making it imperative for crypto investors to exercise caution when interacting with digital asset platforms.
